I need to develop a system to monitor operations performed on files/folders.
Such as
1. open,
2. read,
3. write,
4. close,
5. copy,
6 rename,and
7. move


I have stumbled upon one solution.

Having a "File System Filter Driver" which monitors every atomic operation performed on the file system. But the information available out of the driver is too huge to classify into a single user operation.

For example
(*) IRP_MJ_WRITE is the Major function getting initiated when a user tries to write a file.
(*) However more than one IRP_MJ_WRITE happens for a single write.
(*) when user saves the document twice,it is difficult for me to group the IRP_MJ_WRITE's into TWO user writes.


Someone help me on how to proceed on this, or may be any other solution to this problem.